To track down and counter the sudden disappearance of tokens from crypto wallets requires investors to know the various ways bad actors use to steal cryptocurrencies successfully. 

Blockchain investigator Bitrace has  identified three effective ways hackers gain access to crypto investors’ wallets: through search engines, such as Google and Bing, pasteboard hijacking and liquidity mining and coin theft.

Crypto investors claiming “my coins disappeared suddenly” have been found to have recently downloaded crypto applications from unverified sources. Attackers use search engine optimization (SEO) techniques to rank higher on internet searches, unknowingly coercing users to download and sign up to fake apps with backdoors.

Pasteboard hijacking involves the process of automatically grabbing or modifying previously copied text data from clipboards. The technique often skims seed phrases of users, which can be used later to access wallets and drain funds. Bitrace highlighted how a fake Telegram app was being used to replace the destination wallet address copied in the clipboard, causing users to send their tokens to the hacker.

Finally, the classic “high yield and low risk” liquidity scams also ranked as one of the three most popular scams resulting in the disappearance of tokens. Bitrace recommended three methods crypto users could use to trace the stolen funds, starting with tracing the transaction fees. Investigators often find the hacker’s address by tracking down the source of the transaction fees that were paid to move the stolen funds.

Other ways investors can improve their chances of retrieving stolen funds include using blockchain explorers and professional tools. To learn more about how to track stolen crypto, read Cointelegraph Research’s article on how blockchain analysis helps recover funds .

Related: Crypto thief steals $4.4M in a day as toll rises from LastPass breach

In addition to targeting investors, attackers often steal funds from crypto organizations as well. As part of the remediation of a recent exploit, Maestrobots — a group of cryptocurrency bots on the Telegram messenger app — paid a total of 610 Ether ( ETH ) of its own revenue to cover all the user losses , which amounted to more than $1 million.

Wrapping up the Exploit Saga

➡️ First things first:

Maestro: Router 2 was exploited about 10 hours ago on ETH Mainnet, and some tokens (not ETH) were siphoned away. Within 30 minutes of the start of the attack, our team identified and fully removed the exploit. If you're…

— Maestro (@MaestroBots) October 25, 2023

Blockchain security firm CertiK confirmed to Cointelegraph that it had detected the transactions showing the 334 ETH compensation paid out to users from Maestro. “Most of these tokens pumped back up due to the anticipation that we were gonna market buy the tokens. Most of these tokens are still alive and kicking,” a spokesperson for Maestrobots told Cointelegraph.

Magazine:  Ethereum restaking: Blockchain innovation or dangerous house of cards?